Context
Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.
Details
IBM® Tivoli® Access Manager (TAM) for e-business provides a scalable, fine-grained, policy-based access control
solution for e-business and enterprise applications. Auditing of authentication, authorization, and management
operations is enabled by setting an audit policy, either through its set of administration APIs or through its two
main management interfaces, one Web-based and the other command-line based.
In addition to providing support for a wide variety of e-business applications through its APIs, TAM for
e-business allows central administration of various security policy enforcement points such as TAM for Operating
Systems, TAM for Business Integration, and TAM WebSEAL. See Chapter 1: "IBM Tivoli Access Manager Overview" in
IBM Tivoli Access Manager for e-business Administration Guide version 5.1.
To provide accurate and complete information to security managers and officers, every security enforcement point
needs to produce an audit trail of security-related events. The enforcement points generate these records as
protected resources are accessed, giving both an accurate timeline of events and detailed information about each
access.
Protected objects defined within IBM Tivoli Access Manager for e-business, representing the applications and resources
of the enforcement points, are managed within an objectspace. Access control is accomplished by attaching an Access
Control List (ACL) to a protected object. Auditing of granted or denied accesses is accomplished by attaching a
Protected Object Policy (POP), whose audit level selects which outcomes are recorded. Because ACLs and POPs are
inherited down the hierarchical objectspace, IBM Tivoli Access Manager for e-business allows very fine-grained
auditing policies to be set with little administrative effort. See Chapter 3: Tivoli Access Manager Administration
in the IBM Tivoli Access Manager for e-business Administration Guide version 5.1.
Management of the objectspace is done either through the management APIs, the Web Portal Management interface, or a
command line interface referred to as pdadmin.
The IBM Tivoli Access Manager for e-business set of audit events is divided into three categories: authorization,
authentication, and management events. For example, a login to the Web Portal Management interface will trigger an
authentication event. Detaching an ACL will generate an authorization event against the identity of the administrator
who is performing the action and a management event for the administrative task being performed. Each of those events
can generate an audit record if the right audit levels are set.
Audit events are captured in the audit trail in a standard format using the Extensible Markup Language (XML). The
XML file is plain ASCII text and can be read directly or passed to external parsing engines for further analysis. See
Chapters 18 and 20, "XML output for logging and auditing logs" and "Logging of legacy auditing events", in the IBM
Tivoli Access Manager for e-business Administration Guide version 5.1.
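The following is an added example of the kind of external parsing the paragraph above refers to; it is not code from the page or from the product. The record layout it reads (one `<event>` element per record carrying `<date>`, `<outcome>`, `<originator>`, `<accessor>` and `<target>` children, with `pdmgrd` as the policy-server component and `webseald` as the WebSEAL component) is an assumption modelled on the general shape of Access Manager XML audit records, the sample trail is constructed, and the convention that an `<outcome>` text of `0` means the access was permitted is likewise assumed. The example treats the trail as a sequence of appended records rather than a single well-formed document, so a record cut off mid-write is skipped and counted rather than aborting the whole parse, and it flags principals with repeated denied accesses.

```python
"""Parse a TAM-style XML audit trail and flag repeated denials.

Added example, not product code. Record layout, daemon names as components,
outcome convention and the sample trail are assumptions (see lead-in).
"""
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample trail: records are appended one after another with no
# enclosing root element, and the final record was cut off mid-write.
SAMPLE_TRAIL = """\
<event rev="1.2"><date>2004-05-17-10:23:40.002-06:00I-----</date><outcome status="0">0</outcome>
<originator blade="webseald"><component>webseald</component><location>web1</location></originator>
<accessor name="jdoe"><principal auth="IV_LDAP_V3.0" domain="Default">jdoe</principal></accessor>
<target resource="0"><object>/WebSEAL/web1-default/payroll/index.html</object></target></event>
<event rev="1.2"><date>2004-05-17-10:24:01.417-06:00I-----</date><outcome status="1">1</outcome>
<originator blade="webseald"><component>webseald</component><location>web1</location></originator>
<accessor name="mallory"><principal auth="IV_LDAP_V3.0" domain="Default">mallory</principal></accessor>
<target resource="0"><object>/WebSEAL/web1-default/payroll/index.html</object></target></event>
<event rev="1.2"><date>2004-05-17-10:24:03.902-06:00I-----</date><outcome status="1">1</outcome>
<originator blade="webseald"><component>webseald</component><location>web1</location></originator>
<accessor name="mallory"><principal auth="IV_LDAP_V3.0" domain="Default">mallory</principal></accessor>
<target resource="0"><object>/WebSEAL/web1-default/hr/salaries.html</object></target></event>
<event rev="1.2"><date>2004-05-17-10:24:05.118-06:00I-----</date><outcome status="1">1</outcome>
<originator blade="webseald"><component>webseald</component><location>web1</location></originator>
<accessor name="mallory"><principal auth="IV_LDAP_V3.0" domain="Default">mallory</principal></accessor>
<target resource="0"><object>/WebSEAL/web1-default/admin/</object></target></event>
<event rev="1.2"><date>2004-05-17-10:24:30.005-06:00I-----</date><outcome status="0">0</outcome>
<originator blade="pdmgrd"><component>pdmgrd</component><location>policy1</location></originator>
<accessor name="sec_master"><principal auth="IV_LDAP_V3.0" domain="Default">sec_master</principal></accessor>
<target resource="7"><object>/WebSEAL/web1-default/payroll</object></target></event>
<event rev="1.2"><date>2004-05-17-10:25:0"""

RECORD_RE = re.compile(r"<event\b.*?</event>", re.DOTALL)


def split_records(text):
    """Split the trail into complete <event> records.

    The trail is not one XML document, so each record is cut out and parsed on
    its own; a truncated trailing record is counted instead of being fatal.
    """
    records = RECORD_RE.findall(text)
    truncated = text.count("<event") - len(records)
    return records, truncated


def parse_record(raw):
    """Extract the fields a reviewer cares about from one record."""
    ev = ET.fromstring(raw)
    outcome = (ev.findtext("outcome") or "").strip()
    principal = ev.findtext("accessor/principal")
    if principal is None:
        acc = ev.find("accessor")
        principal = acc.get("name") if acc is not None else None
    return {
        "date": ev.findtext("date"),
        "denied": outcome != "0",  # assumed convention: "0" means permitted
        "component": ev.findtext("originator/component"),
        "principal": principal,
        "resource": (ev.findtext("target/object") or "").strip(),
    }


def parse_trail(text):
    """Return (parsed events, number of truncated records skipped)."""
    records, truncated = split_records(text)
    return [parse_record(r) for r in records], truncated


def denied_by_principal(events):
    """Count denied accesses per principal."""
    return Counter(e["principal"] for e in events if e["denied"])


def flag_repeated_denials(events, threshold=3):
    """Principals with at least `threshold` denied accesses, most frequent first."""
    return [p for p, n in denied_by_principal(events).most_common() if n >= threshold]


def management_events(events):
    """Records raised by the policy server (assumed component name pdmgrd)."""
    return [e for e in events if e["component"] == "pdmgrd"]


if __name__ == "__main__":
    events, truncated = parse_trail(SAMPLE_TRAIL)
    print(f"{len(events)} records parsed, {truncated} truncated record(s) skipped")
    print("denied accesses per principal:", dict(denied_by_principal(events)))
    print("repeated denials:", flag_repeated_denials(events))
    for e in management_events(events):
        print("management event:", e["principal"], e["resource"], e["date"])
```

Splitting the trail with a regular expression before handing each record to the XML parser is what makes a partially written last record harmless; wrapping the whole file in a synthetic root and parsing it once would fail on the first malformed record and lose everything before it.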
Because it is likely to generate a larger volume of audit records than the other IBM Tivoli Access Manager enforcement
points, IBM Tivoli Access Manager for Operating Systems supports more space-efficient binary audit logs that can in
turn be converted to several formats including comma-separated values (CSV).
IBM Tivoli Access Manager WebSEAL, the authentication and authorization engine of TAM for e-business for Web-based
resources, supports three types of audit events: authorization, credential acquisition (authentication), and HTTP
requests. See Chapter 4: Serviceability and Logging in the IBM Tivoli Access Manager for e-business WebSEAL
Administration Guide version 5.1.
IBM Tivoli Access Manager for Operating Systems provides auditing capabilities that allow you to track authorization
access decisions that are made to protected resources as well as to monitor activity of an administrative nature.
Administration events include events such as the starting and stopping of the daemons, or locking and unlocking user
accounts and so on.
Auditing of authorization decisions can be set globally, for a specific protected resource, or on a per-user basis.
The protected resources and actions are system files and processes, network ports, login events, surrogate operations,
sudo operations, and change of user password.
In addition to auditing accesses, Tivoli Access Manager for Operating Systems can report on the security policy in
force at a given time by taking a snapshot of the current policy. See Chapter 7: Auditing in the IBM Tivoli Access
Manager for Operating Systems Administration Guide version 5.1.
Tivoli Access Manager for Business Integration (TAMBI) provides auditing of authorization decisions on operations
against IBM MQSeries and IBM WebSphere® MQ message queues. Authorization checks are done on MQOPEN, MQCONNECT, MQPUT,
and MQGET. TAMBI also provides a similar service for JMS over IBM MQSeries, with some restrictions. See Chapter 9:
Auditing in the IBM Tivoli Access Manager for Business Integration Administration Guide version 5.1.
The auditing and reporting capabilities of the IBM Tivoli Access Manager family of products play a critical part in
determining whether the security controls are set up appropriately to implement the security policies and procedures
described by the Security Management Framework.